[OpenAFS] Kerberos 5, AFS, and no krb524d

Lukas Kubin kubin@opf.slu.cz
Sun, 8 Jun 2003 12:20:31 +0200 (CEST)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Ok, so what do you mean here?  Working?
>
> Do you mean AFS?  Kerberos 5, AKlog.exe, Windows 2k/XP or all of the above?

All, together.

> 1.  Do you have an existing AFS infrastructure that works?

Yes, OpenAFS 1.2.9 on Debian, fileserver and dbservers, without kaserver.

> 2.  Do you have an existing Kerberos 5 infrastructure that works?

Yes, MIT Kerberos 1.2.4 on Debian.
Both of the above works fine when connecting from Linux machines. I can
mount the user's directory, work with rights etc.

> 3.  Do you have Win2k/XP installed on one of your machines?

Yes. Currently our network is built on Novell Netware. I'm experimenting
with AFS/K5 on one Windows 98 and one Windows XP machine. I tried both,
let the Netware's client installed there and also uninstall it to see,
whether it is of some importance or not.

> 4.  Do you have the OpenAFS client installed on the Win2k/XP machine?

Yes. I installed the latest for NT/2000 (on the XP box) and Windows 9x (on
the 98 box) I've found on openafs.org

> 5.  Does the OpenAFS client work...out of the box, on the Win2k/XP machine?

What do you mean by "does work"? For Windows XP: I installed it
successfully, restarted and added the cell name and server mapping. I can
start the service. I can not mount anything. AFS Client pops up a window
"Error Mapping Network Drive" telling me to check available drive
letters. But starting from E: all are unused.

> 6.  Have you installed the MIT Kerberos for Windows software to get
> Kerberos 5 tickets?

Yes and I'm getting the tickets.
On Windows XP: I get my user's ticket. Then I run aklog.exe and it
crashes. But after that I have the afs@REALM ticket addet to my ticket
list.

> 7.  Are your Win2k/XP machines members of a Windows Active Directory domain?

No. I would like to use OpenLDAP instead.

> 8.  Have you setup the Active Directory server and Win2k/XP machines to
> trust Kerberos realm?
> 9.  Irregardless of AFS, can you logon to your Win2k/XP machines with your
> Kerberos realm password?

Not for now. I also don't know how to configure Windows to use the
credentials user types into winlogon for Kerberos authentication. I'll
need this feature.

> Btw, this is a mailing list.  I'm subscribed to it.  You don't need to
> reply directly to me, just reply to the mailing list please.  Thanks.

Sorry. That was default behaviour of my mail client. I was too lazy to
change it.

Thank you for all the help.

lukas

> Rodney
>
> ...on any of 2000/XP
> >platform. Any suggestions?
> >Thank you.
> >
> >lukkas
> >
> >On 7 Jun 2003, Derek Atkins wrote:
> >
> > > Nothing is "impossible".  You may not like it, but it is most assuredly
> > > possible.  It may not be the best option, or the easiest option, but it
> > > is certainly an option.  Even if you've got 4-year-old PCs you should be
> > > able to upgrade.  It's just a matter of time.
> > >
> > > I've seen sites upgrade 2000+ machines... every year...  So only 200
> > > is far from "impossible".
> > >
> > > -derek
> > >
> > > Lukas Kubin <kubin@opf.slu.cz> writes:
> > >
> > > > The upgrade is impossible for me now. It would need to be done on 200
> > > > mid-aged computers. There >must< be some solution. I just can't find it.
> > > > The problem for me is I can't find any useful docs. I need to know:
> > > >
> > > > 1. Which K5 to download
> > > > 2. Which OpenAFS version to download
> > > > 3. Which (aklog.exe)??? to download and from where
> > > >
> > > > for both Windows 98 and XP and how to configure it.
> > > >
> > > > Now, I have an K5 and OpenAFS servers running on Debian Linux. The
> > > > kaserver is (by default OpenAFS install on Debian) not running.
> > > > Until now, every aklog crashed when I tried to start it.
> > > >
> > > > lukas
> > > >
> > > > On 7 Jun 2003, Derek Atkins wrote:
> > > >
> > > > > Windows 9x is dead.  Upgrade to an OS that was released this century.
> > > > >
> > > > > -derek
> > > > >
> > > > > Lukas Kubin <kubin@opf.slu.cz> writes:
> > > > >
> > > > > > Thank you for the very useful source of information for me.
> > > > > > Did you also try to do the same on Windows 9x ?
> > > > > >
> > > > > > lukas
> > > > > >
> > > > > > On Fri, 6 Jun 2003, Rodney M Dyer wrote:
> > > > > >
> > > > > > > At 10:15 PM 6/6/2003 +0200, Lukas Kubin wrote:
> > > > > > > >-----BEGIN PGP SIGNED MESSAGE-----
> > > > > > > >Hash: SHA1
> > > > > > > >
> > > > > > > >I absolutely agree. Is there any reason why it still hasn't
> > been done?
> > > > > > > >I don't have much to say, since I'm just starting with
> > OpenAFS/K5 but I
> > > > > > > >know this is what I need. I've spent this week just by filling
> > mailing
> > > > > > > >lists looking for a solution how to enable Windows to mount
> > AFS server
> > > > > > > >using K5 tickets. Unsuccessfully.
> > > > > > > >I'm not too skilled to help in programming it. Can I help any
> > other way?
> > > > > > >
> > > > > > > For some reason this question keeps coming up again, and again,
> > and again...
> > > > > > >
> > > > > > > We've been successful at using "aklog" within our IT group for
> > Windows
> > > > > > > XP.  It wasn't really that much of a pain...hind-sight actually.
> > > > > > >
> > > > > > > See...
> > > > > > >
> > > > > > > http://www.coe.uncc.edu/~rmdyer
> > > > > > >
> > > > > > > Once I got the hang of it, I can now download both OpenAFS and MIT
> > > > > > > Kerberos, and compile them with "aklog" all in one shot, within
> > about an hour.
> > > > > > >
> > > > > > > The original "aklog.exe" from Ken H's site didn't work (it
> > crashed good)
> > > > > > > because all of the Kerberos DLL entry points were screwed up
> > since it was
> > > > > > > compiled with an older version of MIT Kerberos.  The best thing
> > to do is
> > > > > > > just compile all "clean", then all the dll entry points should
> > match up
> > > > > > > perfectly.
> > > > > > >
> > > > > > > Rodney
> > > > > > >
> > > > > > > Rodney M. Dyer
> > > > > > > Windows Systems Programmer
> > > > > > > Mosaic Computing Group
> > > > > > > William States Lee College of Engineering
> > > > > > > University of North Carolina at Charlotte
> > > > > > > Email rmdyer@uncc.edu
> > > > > > > Phone (704)687-3518
> > > > > > > Help Desk Line (704)687-3150
> > > > > > > FAX (704)687-2352
> > > > > > > Office  267 Smith Building
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > OpenAFS-info mailing list
> > > > > > > OpenAFS-info@openafs.org
> > > > > > > https://lists.openafs.org/mailman/listinfo/openafs-info
> > > > > > >
> > > > > > >
> > > > > >
> > > > > > --
> > > > > > Lukas Kubin
> > > > > >
> > > > > > phone: +420596398285
> > > > > > email: kubin@opf.slu.cz
> > > > > >
> > > > > > Information centre
> > > > > > The School of Business Administration in Karvina
> > > > > > Silesian University in Opava
> > > > > > Czech Republic
> > > > > > http://www.opf.slu.cz
> > > > > >
> > > > > >
> > > > > >
> > > > > > _______________________________________________
> > > > > > OpenAFS-info mailing list
> > > > > > OpenAFS-info@openafs.org
> > > > > > https://lists.openafs.org/mailman/listinfo/openafs-info
> > > > >
> > > > > --
> > > > >        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> > > > >        Member, MIT Student Information Processing Board  (SIPB)
> > > > >        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
> > > > >        warlord@MIT.EDU                        PGP key available
> > > > >
> > > > >
> > > >
> > > > --
> > > > Lukas Kubin
> > > >
> > > > phone: +420596398285
> > > > email: kubin@opf.slu.cz
> > > >
> > > > Information centre
> > > > The School of Business Administration in Karvina
> > > > Silesian University in Opava
> > > > Czech Republic
> > > > http://www.opf.slu.cz
> > > >
> > > >
> > > >
> > > >
> > >
> > > --
> > >        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> > >        Member, MIT Student Information Processing Board  (SIPB)
> > >        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
> > >        warlord@MIT.EDU                        PGP key available
> > >
> > >
> >
> >- --
> >Lukas Kubin
> >
> >phone: +420596398285
> >email: kubin@opf.slu.cz
> >
> >Information centre
> >The School of Business Administration in Karvina
> >Silesian University in Opava
> >Czech Republic
> >http://www.opf.slu.cz
> >-----BEGIN PGP SIGNATURE-----
> >Version: GnuPG v1.2.1 (GNU/Linux)
> >Comment: Made with pgp4pine 1.75-6
> >
> >iD8DBQE+4fqrhukdIiZrwu4RAh0NAKCL8QoX6fSjg2Bk+Pxn+7SGO8PEzQCfYm2d
> >YcyAdgCHOP2oIy4qVoI6xIk=
> >=cV/c
> >-----END PGP SIGNATURE-----
> >
> >
> >
> >_______________________________________________
> >OpenAFS-info mailing list
> >OpenAFS-info@openafs.org
> >https://lists.openafs.org/mailman/listinfo/openafs-info
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>
>

- -- 
Lukas Kubin

phone: +420596398285
email: kubin@opf.slu.cz

Information centre
The School of Business Administration in Karvina
Silesian University in Opava
Czech Republic
http://www.opf.slu.cz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Made with pgp4pine 1.75-6

iD8DBQE+4w36hukdIiZrwu4RAvvbAJ9tM6OayX37mMeYvEXk4EHjBmx1HQCfY8mY
IByRctWVM4MX7ln1rrDow0I=
=AwgR
-----END PGP SIGNATURE-----